1. Home
    2. PAN-OS
    3. PAN-OS® Administrator’s Guide
    4. Policy
    5. Move or Clone a Policy Rule or Object to a Different Virtual System

    Move or Clone a Policy Rule or Object to a Different Virtual System

    On a firewall that has more than one virtual system (vsys), you can move or clone policy rules and objects to a different vsys or to the Shared location. Moving and cloning save you the effort of deleting, recreating, or renaming rules and objects. If the policy rule or object that you will move or clone from a vsys has references to objects in that vsys, move or clone the referenced objects also. If the references are to shared objects, you do not have to include those when moving or cloning. You can Use Global Find to Search the Firewall or Panorama Management Server for references.
    When cloning multiple policy rules, the order by which you select the rules will determine the order they are copied to the device group. For example, if you have rules 1-4 and your selection order is 2-1-4-3, the device group where these rules will be cloned will display the rules in the same order you selected. However, you can reorganize the rules as you see fit once they have been successfully copied.
    1. Select the policy type (for example,
      Policy
      Security
      ) or object type (for example,
      Objects
      Addresses
      ).
    2. Select the
      Virtual System
       and select one or more policy rules or objects.
    3. Perform one of the following steps:
      • Select
        Move
        Move to other vsys
         (for policy rules).
      • Click
        Move
         (for objects).
      • Click
        Clone
         (for policy rules or objects).
    4. In the
      Destination
       drop-down, select the new virtual system or
      Shared
      .
    5. (
      Policy rules only
      ) Select the
      Rule order
      :
      • Move top
         (default)—The rule will come before all other rules.
      • Move bottom
        —The rule will come after all other rules.
      • Before rule
        —In the adjacent drop-down, select the rule that comes after the Selected Rules.
      • After rule
        —In the adjacent drop-down, select the rule that comes before the Selected Rules.
    6. The
      Error out on first detected error in validation
       check box is selected by default. The firewall stops performing the checks for the move or clone action when it finds the first error, and displays just this error. For example, if an error occurs when the
      Destination
       vsys doesn’t have an object that the policy rule you are moving references, the firewall will display the error and stop any further validation. When you move or clone multiple items at once, selecting this check box will allow you to find one error at a time and troubleshoot it. If you clear the check box, the firewall collects and displays a list of errors. If there are any errors in validation, the object is not moved or cloned until you fix all the errors.
    7. Click
      OK
       to start the error validation. If the firewall displays errors, fix them and retry the move or clone operation. If the firewall doesn’t find errors, the object is moved or cloned successfully. After the operation finishes, click
      Commit
      .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo